php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73655 Spoofchecker::isSuspicious behavior change due to upstream changes
Submitted: 2016-12-05 15:31 UTC Modified: 2016-12-05 17:33 UTC
From: sjon at hortensius dot net Assigned: stas
Status: Verified Package: intl (PECL)
PHP Version: 7.1.0 OS:
Private report: No CVE-ID:
Have you experienced this issue?
Rate the importance of this bug to you:

 [2016-12-05 15:31 UTC] sjon at hortensius dot net
Description:
------------
It seems Spoofchecker::isSuspicious is broken; testing an example from the manual all PHP versions work fine; except 7.1.0.

This seems related to an update which was done to the localization which was not present in any of the RCs (insert rant about RCs being real RCs here)

Test script:
---------------
See https://3v4l.org/5HWQT, script was copied from http://php.net/manual/en/spoofchecker.issuspicious.php

<?php
$checker = new Spoofchecker();

var_dump($checker->isSuspicious('google.com'));
var_dump($checker->isSuspicious('–†aypal.com'));

Expected result:
----------------
bool(false)
bool(true)

Actual result:
--------------
bool(false)
bool(false)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-12-05 15:51 UTC] sjon at hortensius dot net
This might also be related to the recently released ICU-58 (http://site.icu-project.org/download/58) with which 7.1 was compiled. I'm sure distros will compile with the same ICU but this might be the reason I didn't find a suspicious commit in php-src itself
 [2016-12-05 16:22 UTC] sjon at hortensius dot net
I have confirmed php-7.1.0 compiled with ICU 55 works fine. Compiled with ICU 57 also works. Can anyone confirm if this is a bug with ICU itself; or with PHP's usage of ICU?

This is still a problem as distros such as ArchLinux will soon release with ICU-58 and experience this issue
 [2016-12-05 16:22 UTC] me at kelunik dot com
Works for me with ICU 55, so it seems to be an ICU problem.

$ php -v
PHP 7.1.0 (cli) (built: Dec  5 2016 17:15:16) ( NTS DEBUG )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.1.0-dev, Copyright (c) 1998-2016 Zend Technologies

$ cat bug73655.php 
<?php

$checker = new Spoofchecker();

var_dump($checker->isSuspicious('google.com'));
var_dump($checker->isSuspicious('–†aypal.com'));

$ php bug73655.php 
bool(false)
bool(true)

$ apt-show-versions libicu-dev 
libicu-dev:amd64/xenial 55.1-7 uptodate
libicu-dev:i386 not installed
 [2016-12-05 16:34 UTC] requinix@php.net
-Summary: Spoofchecker::isSuspicious broken +Summary: Spoofchecker::isSuspicious behavior change to due upstream changes -Status: Open +Status: Verified -Package: I18N and L10N related +Package: intl
 [2016-12-05 16:34 UTC] requinix@php.net
I don't understand the terminology but it seems this was an intentional change (or at least accepted side effect) with ICU 85.
http://bugs.icu-project.org/trac/ticket/12549

So this is tentatively NAB and in need of documentation changes, but for all I know there may be a way to preserve the old behavior, possibly involving toggle assorted spoofchecking options if the uspoof C API has that.
 [2016-12-05 16:35 UTC] requinix@php.net
-Summary: Spoofchecker::isSuspicious behavior change to due upstream changes +Summary: Spoofchecker::isSuspicious behavior change due to upstream changes
 [2016-12-05 17:33 UTC] cmb@php.net
-Assigned To: +Assigned To: stas
 [2016-12-05 17:33 UTC] cmb@php.net
One can get around the removal of WSC and MSC by setting the list of allowed locales manually, see <https://3v4l.org/33qXs>, for instance. So this might be solely a documentation issue.

Stas, as you're listed as ext/intl maintainer, what do you think?
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Fri Mar 24 18:01:43 2017 UTC